Version 2 of cryptsetup got a few new fancy options, one of them is the ability to use Argon2 as key derivation function. Creating a LUKS2 volume with Argon2 as hash function is very easy: sudo cryptsetup luksFormat -M luks2 --pbkdf argon2id -i 5000 /dev/sdb Please note that grub still does not support it, so it can’t be used for boot drives. Once the volume is created, to mount it run: …

At a first glance enabling TRIM on a luks encrypted volume looks quite easy, and, as a matter of a fact it is. The shitstorm starts when trying to enable TRIM on the root volume, but, let’s go one step at a time. First of all, enabling trim on a regular not encrypted volume is pretty easy; just open the file <em>/etc/fstab</em> and add the flag <em>discard</em>. You may also want to add the flag <em>noatime</em> to prevent the OS from writing additional informations regarding last access date and such, it’s not strictly necessary but it will save the SSD’s cells some useless write operations. The fstab file should look like this (here only one row is reported): …